Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.

Page Content

Glance around your office and you are likely to see more laptops, iPads and smart phones at work not owned by the company but belonging to your co-workers. The bring-your-own (BYO) computer trend is gaining steam, serving as employee retention and recruiting tools and as a way for organizations to reduce technology support costs.

According to a 2010 Forrester Research report, 56 percent of North American and European companies support use of personal mobile computing devices in the workplace. Forrester estimates about half of the 15 million iPads sold in 2010 are used in the workplace.

Because company-sponsored BYO programs transfer responsibility for computer support to employees, including keeping anti-virus software and security patches up-to-date, information technology and human resource information system (HRIS) managers worry that the programs increase odds of corporate networks being infected with damaging viruses or malicious software. In addition, worker-owned computers can make sensitive corporate data more vulnerable to loss or theft.

Yet a number of companies are operating successful BYO programs, believing that they have addressed information security concerns with rigorous security models that apply the latest technologies and data controls.

A BYO PC Pioneer

Citrix Systems, a company that specializes in virtual computing solutions, launched a formal BYO PC program in 2008 after surveying employees and finding many were happier with their personal computing devices than those used in the workplace, said Michael McKiernan, vice president of business technology at Citrix. “The program primarily is about giving employees more choice in devices they use,” McKiernan said. He added that personal computers are reducing the company’s technology support costs.

Citrix employees participating in the program receive a $2,100 stipend to buy a laptop of their choice, along with a three-year, full-service warranty. The stipend represents a cost savings to the company, McKiernan said, because costs to procure, manage and support the laptops over a three-year span are estimated at $2,500 to $2,700. If employees leave a company before the three years are up, they then repay the stipend on a pro-rated basis.

About 750 employees, or 13 percent of Citrix’s workforce, participate in the BYO PC program. About 60 percent choose Windows-based laptops, with the rest selecting Macintosh systems, McKiernan said. Other mobile devices, like smart phones, are not part of the program.Addressing Information Security

As more computers become the property of an employee, how is Citrix addressing information security? Employees are required to place approved anti-virus software on personal devices, McKiernan said, and a multilayered system forces users to authenticate identification before accessing the Citrix corporate network. Encrypted data plug-ins help protect information on laptops.

The Citrix network is founded on “virtualization technology,” which consolidates a number of computing environments onto a single server. Employees who tap into the BYO PC program allow software on their personal notebook that gives them access to company applications and data on corporate servers. The information is disseminated virtually, rather than installed directly, on their laptops.

Brandy Fulton Moorer, vice president of human resources at Citrix, said virtualization technology eases her concerns about loss and theft of sensitive HR data. Moorer added that employees working on a Citrix XEN desktop bring unprecedented flexibility and mobility to its workforce.

“When we work in an application environment and use Citrix receivers on employee-owned laptops, all of our sensitive data is hosted securely and centrally,” Moorer said.

Other BYO Believers

Fortune 500 companiesKraft Foods Inc. and Microsoft Corp. have launched BYO programs.Kraft introduced its program in 2010, and like Citrix, the company provides a stipend to help employees pay for laptops and software costs. Employees manage their computer support and are required to purchase and install an approved data security software package. All Kraft intellectual property is saved to a secure folder hosted by information services, and sensitive human resource data is encrypted.

“The ‘bring your own’ computer program is one of the ways Kraft Foods strives to be on the forefront of innovation,” said Roberta Cadieux, director of workplace services at Kraft Foods. “As the number of employees choosing to participate continues to rise, we know that the program is something our employees are excited about and proud of. It is also something that keeps the company ahead of the curve for technological flexibility and work/life integration.”

Microsoft allows employees to use personal devices for work purposes but does not reimburse its workforce for their purchase, said Patrick O’Rourke, Microsoft’s director of information technology. O’Rourke added that if a personal device meets Microsoft IT security requirements, it is allowed to connect to the corporate network and access internal resources.

“We use network access control technology to interrogate all devices trying to access our network to ensure they meet Microsoft security policies. And if it doesn’t meet policy, it is either remediated so it does meet policy or it is denied access to the corporate network,” O’Rourke said.

Creating BYO Policies

Given the information security, data ownership and privacy issues in play, employment attorneys suggest that companies create proactive policies addressing BYO programs. What happens, for example, if an employee leaves for a new job or is fired but takes company information on his or her laptop? What rights do companies have to search or retrieve data from employee-owned devices in the event of lawsuits?

While this remains a developing legal issue, Philip Gordon, a shareholder with Littler Mendelson, a law firm representing management in employment, employee benefits and labor law matters in Denver, encourages companies implementing BYO programs to have participating employees sign “personal device” contracts.

Gordon said employees should abide to the following terms:

Put company-approved data protection software on their devices.

Permit the company to monitor the device whenever it is connected to the corporate network.

Allow a “kill” command that can wipe out sensitive corporate data remotely if a device is lost or stolen, releasing the company from any claims for inadvertent damage to personal files.

​Consent that any organizational data on a computer is owned by the company, not the employee.

If disgruntled employees leave a company with bad intentions, there is little that can be done to protect sensitive corporate data on their personally-owned devices once they are out the door.

“You’re talking about a device that’s probably in someone’s home, and you’d have to go through a subpoena process to get access to it, and the employee could do significant damage in that time,” said Nicole Haaning, an employment attorney with Dorsey & Whitney, a Minneapolis-based law firm specializing in business issues. “That’s an issue even if you’ve created a proactive policy up front.”

Measuring Impact

While Citrix does not have any hard data proving that its BYO participants are more productive than in the past, surveys do show they are happier, McKiernan said.

“Ninety-six percent of participants said they were satisfied with the BYO program and would recommend it to someone else,” he said. “You can reasonably argue that a more satisfied employee will probably stay with the company longer and be willing to work harder.”

Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.